Last updated: July 1, 2018
Welcome to the Petal And Veil LLC (Petal & Veil) website (the “Site”). Petal & Veil designs heirloom quality wedding accessories and digital goods for brides with uncompromising taste (“Services”).
Data we collect
When you interact with the Site, we may collect information that, alone or in combination with other information, could be used to identify you (“Personal Data”), as described below:
Personal Data That You Provide Through the Site: When you create an account, order products or services, request information, communicate with customer service, subscribe to emailing lists, or apply for employment through the Site, we collect the following Personal Data from you:
- First and last name
- Fiance first and last name
- Wedding dates
- Wedding venue city, state, country
- Dating anniversary
- Title or Role
- Email address
- Mailing address
- Phone number
- Fax number
- Payment and billing information
- Country location
- Employment History and education
- Other details as set forth in forms you elected to complete
Personal Data we collect is stored a maximum of 3 months after the submitted wedding date (if collected using marketing or hashtag forms) or a maximum of 3 months after the placement of an order for goods or services. At that time it is either destroyed or redacted to remove identifying features and details that could classify it as Personal Data.
How we use your data
For marketing purposes
To the extent permitted by applicable law, we will use your Personal Data to send you information by email on our new products or services or other promotions. Where required by the applicable law, we will obtain your consent before doing so (for example, if you are an EU data subject), we will send you such information only with your consent, which was given at the time you provided us with the Personal Data. In such case, if you do not provide us with your consent to the processing of your Personal Data for this purpose, we will not send you this information.
For delivery of goods or services
We will use your Personal Data to deliver the goods or services for which you elected and provided payment. We will only use your personal data for delivery of goods and services unless consent is specifically granted to us it for other purposes, such as marketing and general communication.
We do not sell your Personal Data to third parties under any circumstance.
How did I give my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If you change your mind after you opt-in, you may withdraw your consent for us to contact you at any time using the unsubscribe options included in communications or by contacting us directly at firstname.lastname@example.org.
Squarespace & Stripe eCommerce
The Petal & Veil online store is hosted by Squarespace Inc. They provide us with the online ecommerce platform that allows us to sell our products and services to you. Your data is stored through Squarespace's data storage, databases and the general Squarespace application, in addition to Google data storage and databases via application integration. Both Google and SquareSpace store your data on a secure server behind a firewall.
Payment: If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. For more insight, you may also want to read Squarespace's & Stripe's Terms of Service or Privacy Statement.
Google Analytics: Our store uses Google Analytics to help us learn about who visits our site and what pages are being looked at.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Age of consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
EU data subjects
This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland).
Petal and Veil LLC is the data controller for processing personal data provided to us through this Site. Our registered office is at 21642 Romans Drive, Ashburn, VA 20147.
Subject to applicable law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to have it rectified or completed. If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion). If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or object to us processing it. We will tell you before we lift any restriction on processing. If we have shared your Personal Data with others, we will tell them about the restriction where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so that you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that is necessary to perform a contract with you. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data — unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your Personal Data for direct marketing.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we have handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
You may exercise your rights by contacting us at email@example.com.
If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
Questions and contact information
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact us at firstname.lastname@example.org